Netgate Discussion Forum

    PfSense + Squid + local network

      Antoine1

      Hi everybody,

      I have been struggling for a few days now with my setup, and you are my last chance before I leave everything as it is now...

      Installation:
      1/Pfsense as a FW. Everything which goes from my ISP box goes through it.
      Installed in a VM on ESXI.
      WAN IP: 192.168.1.10
      LAN IP: 192.168.2.1
      Acme package is installed and I have a certificate for my domain name and its subdomains

      2/Bitwarden set up in Docker in another VM and accessible via 192.168.2.14:32770
      No cert installed
      3/Nextcloud set up in a jail within FreeNAS, which is itself in another VM.
      Nextcloud could be reached via 192.168.2.40:443
      No cert installed

      I have an OVH domain name . which points to my public IP
      I have two subdomains registered, bw.. and nc.****., which are also pointing to my public IP

      What I am trying to do:
      Reach either Nextcloud or Bitwarden through nc.. or bw.. and use the global cert I have in PfSense.
      I do not want these VMs to be reachable from outside of my own network

      I have followed several how-tos using Squid as a reverse proxy and this is definitely working, but only when I make port 443 accessible from outside (which I do not want).
      In this config, Nextcloud and Bitwarden benefit from the global cert and are reachable via the subdomains mentioned earlier.
      If I do not allow connections on 443, I lose the internal access to my VMs.

      I also tried using HAProxy but the result is exactly the same.
      I do not know where to look at anymore...

      Does any of you have an idea of how I could reach my target?
      I can provide whatever info you consider necessary to understand and fix this.

      Many thanks in advance,

      Regards,

      Antoine
